From: Max Reitz
Subject: Re: [Qemu-devel] [PATCH v2 12/17] mirror: Fix potential use-after-free in active commit
Date: Thu, 13 Sep 2018 23:43:00 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.0

On 13.09.18 22:55, Max Reitz wrote:
> On 13.09.18 14:52, Kevin Wolf wrote:
>> When starting an active commit job, other callbacks can run before
>> mirror_start_job() calls bdrv_ref() where needed and cause the nodes to
>> go away. Add another pair of bdrv_ref/unref() around it to protect
>> against this case.
>>
>> Signed-off-by: Kevin Wolf <address@hidden>
>> ---
>> block/mirror.c | 11 +++++++++++
>> 1 file changed, 11 insertions(+)
>
> Reviewed-by: Max Reitz <address@hidden>
>
> But... How?
>
> Like... You mirror to some target (in an iothread), then you give that
> target a backing file, then you cancel the mirror and immediately commit
> the target?

The only way I got this to work was to allow commit to accept a non-root
BDS as @device. I can't imagine a way where @device can go away, but
isn't currently in use by something that would make it a non-root BDS.
(Because the only reason someone can make it go away is because that
someone uses it right now.)

But if commit accepts non-root BDSs as @device, I get a segfault even
after this commit...

Max
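
Added example (not part of the original message and not QEMU code): a toy model of the pattern the quoted commit message describes, where callbacks that run before the start routine takes its own reference can drop the last one, and an extra ref/unref pair around the call keeps the node alive. All names (`Node`, `node_ref`, `node_unref`, `start_job`, `commit_guarded`, `commit_unguarded`) are hypothetical, and the node is flagged as freed rather than released so the unguarded path can be observed safely.

```c
#include <stdbool.h>
#include <stdio.h>

/* Toy refcounted node; a hypothetical stand-in for a block node. */
typedef struct Node {
    int refcnt;
    bool freed; /* set instead of calling free() so the demo can inspect it */
} Node;

static void node_ref(Node *n) { n->refcnt++; }

static void node_unref(Node *n)
{
    if (--n->refcnt == 0) {
        n->freed = true; /* real code would release the memory here */
    }
}

/* Callback that drops the owner's reference while the job is starting. */
static void owner_drops_node(Node *n) { node_unref(n); }

/* Start routine that lets callbacks run before taking its own reference.
 * Returns false when the node was already gone at the point of use. */
static bool start_job(Node *n, void (*pending_cb)(Node *))
{
    pending_cb(n);      /* other callbacks run first */
    if (n->freed) {
        return false;   /* touching n here would be a use-after-free */
    }
    node_ref(n);        /* the job's own reference, taken too late */
    return true;
}

/* Caller without protection: relies on the owner's reference alone. */
static bool commit_unguarded(Node *n) { return start_job(n, owner_drops_node); }

/* Caller with an extra ref/unref pair held across the start call. */
static bool commit_guarded(Node *n)
{
    node_ref(n);
    bool ok = start_job(n, owner_drops_node);
    node_unref(n);
    return ok;
}

int main(void)
{
    Node a = { 1, false }, b = { 1, false };
    bool ua = commit_unguarded(&a), gb = commit_guarded(&b);
    printf("unguarded ok=%d, guarded ok=%d refcnt=%d\n", ua, gb, b.refcnt);
    return 0;
}
```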